...
In fact, relying on environment variables is more than a simple portability issue. An attacker can essentially control all environment variables that enter a program, using a mechanism such as the `java.lang.ProcessBuilder` class.
Consequently, when an environment variable contains information that is available by other means, including system properties, that environment variable must not be used.
...
This compliant solution obtains the user name using the `user.name` system property. This property always contains the correct user name, even when the `USER` environment variable has been set to an incorrect value or is missing.
```java
String username = System.getProperty("user.name");
```
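The following added example (not code from the original page) shows the situation described above: a parent process uses `java.lang.ProcessBuilder` to set `USER` for a child JVM, and the child prints both `System.getenv("USER")` and the `user.name` system property so the two can be compared. The class name `EnvTrustDemo` and the value `spoofed-user` are constructed for illustration; the example assumes the class is compiled with `javac` and started as `java EnvTrustDemo`.

```java
import java.io.IOException;
import java.nio.file.Paths;

public class EnvTrustDemo {
    // Constructed sample value standing in for an untrusted USER setting.
    static final String SPOOFED = "spoofed-user";

    public static void main(String[] args) throws IOException, InterruptedException {
        if (args.length == 1 && args[0].equals("child")) {
            reportUserSources();
            return;
        }
        // Parent: relaunch this class in a new JVM with a modified environment.
        String java = Paths.get(System.getProperty("java.home"), "bin", "java").toString();
        ProcessBuilder pb = new ProcessBuilder(
                java, "-cp", System.getProperty("java.class.path"),
                "EnvTrustDemo", "child");
        // Whoever starts the process decides what the child sees in USER.
        pb.environment().put("USER", SPOOFED);
        pb.inheritIO(); // let the child write straight to our stdout/stderr
        int exit = pb.start().waitFor();
        System.out.println("child exit code: " + exit);
    }

    // Child side: print the user name from both sources and compare them.
    static void reportUserSources() {
        String fromEnv = System.getenv("USER");              // caller-controlled
        String fromProp = System.getProperty("user.name");   // set by the JVM at startup
        System.out.println("System.getenv(\"USER\")          = " + fromEnv);
        System.out.println("System.getProperty(\"user.name\") = " + fromProp);
        if (fromEnv == null) {
            System.out.println("USER is missing; only the system property is usable");
        } else if (!fromEnv.equals(fromProp)) {
            System.out.println("MISMATCH: USER does not match user.name");
        } else {
            System.out.println("values agree in this run");
        }
    }
}
```

Replacing `pb.environment().put("USER", SPOOFED)` with `pb.environment().remove("USER")` exercises the missing-variable case mentioned above.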
...
...